Hi,

I was dnat'ing to an internal web server happily.. Then I installed "FOG" ( http://www.fogproject.org/ ) and now, even with apache shut down on the firewall/fogserver box, dnat doesn't seem to work.. I realize this isn't much to go on, but with the local server turned off and shorewall set to forward to internal server..

This is my config for shorewall.. I feel like I am missing something obvious.. maybe the "fog" is a red herring.. Any ideas? I don't see why, if Shorewall/iptables is the first thing touching the incoming packets, having installed fog would matter.

ACTION      SOURCE            DEST              PROTO   DEST    SOURCE    ORIGINAL   RATE    USER/
#                                                       PORT    PORT(S)   DEST       LIMIT   GROUP

# Accept DNS connections from the firewall to the network
ACCEPT      fw                net               tcp     53
ACCEPT      fw                net               udp     53

# Accept SSH connections from the local network for administration
ACCEPT      loc               fw                tcp     ssh
#ACCEPT all all tcp ssh

ACCEPT      net               loc:192.168.2.2   udp     www
ACCEPT      net               loc:192.168.2.2   tcp     www
DNAT        net:XX.XX.XX.XX   loc:192.168.2.2   tcp     www
DNAT        net:XX.XX.XX.XX   loc:192.168.2.2   udp     www

# OpenVPN2
ACCEPT      all               all               udp     1194
ACCEPT      all               all               udp     1194

# NTP Protocol
ACCEPT      fw                net               udp     ntp

# necessary for SAMBA on the local interface for 3.0 shorewall and above.
SMB/ACCEPT  $FW               loc
SMB/ACCEPT  loc               $FW

ACCEPT      loc               $FW               tcp     ftp
ACCEPT      loc               $FW               udp     ftp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE